My IPv4 connection uses CGNAT, so I use a VPN to access my server. I also have IPv6, so I have a couple of things directly accessible over it in case the VPN drops for some reason. I do have dynamic DNS set up, although it's not really necessary. My IPv6 prefix doesn't seem to change unless I change the DUID on my firewall.
this post was submitted on 21 Apr 2024
99 points (95.4% liked)
Selfhosted
40438 readers
422 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
I have two servers (and different other machines) on two different LANs joined by a wireguard tunnel between the routers, with DynDNS running on both, and wireguard on all mobile devices that need access to the LAN.
If your router can natively run wireguard, I'd highly recommended. It just works. Or just use tailscale, it's wireguard for lazy people
I assume you want to access a self hosted service on your local server from the Internet.
To make the service accessible from the Internet multiple things are required:
- the router can be accessed from the outside. Find your public IP in the router or use a find-my-ip website. Better: do both. This is the address you can use to access your router (or whatever service you choose to expose through it). Side note: If the Ip-adresses of your router and the one of the find- my- ip- site are different it could mean that your provider uses CG-NAT (because ipv4- addresses are scarce, the provider doesn't give you a real publicly accessible address). This means you can't access your router from the Internet. Try IPv6 or contact your provider to get a publicly accessible ipv4- address.
- because the above mentioned IP- address of your router might change, dyndns is used. Configure it in your router and test it. Test if the DNS- name you have set up resolves to your ip- address (nslookup or ping it).
- to make your service available to the Internet you need to configure port forwarding in your router (or add your server as exposed host - means all ports are forwarded to the Internet). This means the router passes request to itself on to your internal server. Careful: everybody can access whatever services you expose. Advice: it's a good idea to use a VPN. Setup a VPN-server in your Lan and only port-forward its port in the router. Connect to the VPN from the outside - Afterwards use the internal services through the vpn- connection.
- scripts and the internal ip: the dyndns name needs to be used instead of the IP. Find a way to make the scripts use that name to resolve it to your external IP.